osquery is an operating system instrumentation framework for OS X, Linux, and FreeBSD. Its tools make low-level operating system analytics and monitoring both performant and intuitive.

osquery exposes an operating system as a high-performance relational database, so you can explore operating system data by writing SQL queries. In osquery, SQL tables represent abstract concepts such as running processes, loaded kernel modules, open network connections, browser plugins, hardware events, and file hashes, and tables can be joined against each other like any other relational data.
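As an added example (not taken from the osquery documentation), the queries below show how the tables compose. They use the processes, listening_ports and hash tables with the column names from the osquery schema; run `.schema processes` in osqueryi to confirm the columns for your osquery version, since schemas change between releases. The first query lists every process bound to a TCP port together with the SHA-256 of its binary; the second finds processes whose executable is no longer on disk, a common sign of a dropper that deleted itself after launching.

```sql
-- Added example, not from the osquery project: processes listening on TCP
-- ports, joined to the hash of the binary that backs them.
-- listening_ports.protocol uses IP protocol numbers: 6 = TCP, 17 = UDP.
-- The hash table needs a path constraint, so the join on p.path supplies it.
SELECT
  p.pid,
  p.name,
  p.path,
  lp.address,
  lp.port,
  h.sha256
FROM processes AS p
JOIN listening_ports AS lp USING (pid)
JOIN hash AS h ON h.path = p.path
WHERE lp.protocol = 6
  AND lp.port != 0
  AND p.path != ''
ORDER BY lp.port;

-- Added example: running processes whose executable has been unlinked from
-- disk (on_disk = 0). Legitimate causes exist (a package upgrade replaced the
-- binary while it was running), so triage on path and cmdline rather than
-- alerting on the row alone.
SELECT pid, name, path, cmdline, parent
FROM processes
WHERE on_disk = 0;
```

Both queries run as-is in osqueryi for an ad-hoc look, and the same text can be placed in an osqueryd schedule so the results are logged at an interval.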

Getting Started

If you're interested in installing osquery, check out the install guide for OS X, Linux, and FreeBSD.

If you're interested in deploying osquery to provide your organization with deeper insight into your Linux, FreeBSD, and OS X hosts, check out the using osqueryd guide; osqueryd is the daemon that runs scheduled queries and logs their results. If you're interested in performing ad-hoc queries from an interactive SQL shell, check out using osqueryi.

If you're interested in extending one of the existing osquery tools or improving core libraries, read the developer documentation pages. You should start with "building the code" and "contributing code".

If you're interested in integrating osquery into your own tool, check out the osquery SDK.

Getting help

If any part of osquery is not working as expected, please create a GitHub Issue. Keep in touch with osquery developers and users in #osquery on freenode.

If you have long-form questions, please email osquery@googlegroups.com.